497 matches found
GeoServer OGC Filter SQL Injection Vulnerabilities
Impact GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is also supported through the Web Coverage Service WCS protocol for ImageMosaic coverages. SQL Injection...
CVE-2023-25157
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...
Code injection
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...
CVE-2023-25157
CVE-2023-25157 (GeoServer SQL Injection) is triggered by flaws in OGC Filter handling within GeoServer’s WFS/WMS/WCS inputs, enabling SQL injection via filters such as PropertyIsLike, strEndsWith, strStartsWith, jsonArrayContains, and FeatureId under certain datastore conditions. Public details c...
CVE-2023-25157 Unfiltered SQL Injection Vulnerabilities in Geoserver
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...
PT-2023-2269 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.21.4 GeoServer versions prior to 2.22.2 GeoServer versions prior to 2.20.7 GeoServer versions prior to 2.19.7 GeoServer versions prior to 2.18.7 Description: The issue is related to SQL injection vulnerabilities ...
GeoServer SQL injection vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.21.4, 2.22.2 and 2.22.2, which stems from abuse of strEndsWith, strStartsWith and PropertyIsLike...
PT-2022-5014 · Apache · Apache Commons Jxpath
Name of the Vulnerable Software and Affected Versions: Apache Commons JXPath affected versions not specified GeoServer versions prior to 2.23.6, 2.24.4, and 2.25.2 hermes-management versions prior to 2.2.9 Description: The issue is related to the application of external input for class selection ...
GHSA-8HMH-MHQV-7638 PartialBufferOutputStream2 flush issues
Withdrawn This advisory has been withdrawn, as the effects of the bug would only give the caller an incomplete view of data which they would be authorized to see. Original Advisory PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even whe...
PartialBufferOutputStream2 flush issues
Withdrawn This advisory has been withdrawn, as the effects of the bug would only give the caller an incomplete view of data which they would be authorized to see. Original Advisory PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even whe...
GeoServer allows SSRF via the option for setting a proxy host
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
GHSA-RR33-J5P5-PPF8 GeoServer allows SSRF via the option for setting a proxy host
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
CVE-2021-40822
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
Server side request forgery (ssrf)
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host...
GeoServer code issue vulnerability
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer that stems from the option for setting a proxy host, which allows SSRF. The following products and versions are affected: versions...
CVE-2021-40822
GeoServer versions 2.18.5 and 2.19.x up to 2.19.2 are affected by an SSRF vulnerability via the proxy host configuration. The issue is mitigated in later releases (notably 2.19.3 and beyond); broader fixes in 2.24.4/2.25.2 address related TestWfsPost servlet exposure. Remediation: upgrade to a fi...
PT-2022-11312 · Geoserver · Geoserver
Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.18.5 and earlier GeoServer versions 2.19.x through 2.19.2 Description: The issue allows for Server-Side Request Forgery SSRF via the option for setting a proxy host. This means an attacker could potentially force the serv...